
Can you get a virus via a virtual machine?

Discussion in 'Off Topic' started by =MGN=RedEagle, Apr 21, 2013.

Can a virus travel from a VM to a host machine?

  1. Yes, but only via file transfer. (12.5%)
  2. Yes (75.0%)
  3. No (12.5%)

  1. =MGN=RedEagle

    =MGN=RedEagle Well-Known Member

    Hi guys,

    If I install Linux via a VM on my PC, can a virus travel through the VM and harm my PC? What if I transfer files from my VM to my PC?

    Can I infect the VM from the PC by transferring data?


    I should mention that you guys are awesome and have been a huge help to me! :)
     
  2. AlexT

    AlexT Well-Known Member

    Yes and yes. Transfer via file transfer should be obvious if the transferred file is infected. Otherwise it depends on the security of the underlying hypervisor that runs the VM. It's not unheard of that hypervisors (VirtualBox, VMware, Xen, KVM, ...) have been exploited, allowing an app to escape the guest and attack the host. Some reads:

    http://blogs.gartner.com/neil_macdonald/2011/01/26/yes-hypervisors-are-vulnerable/
    http://threatpost.com/virtual-machine-escape-exploit-targets-xen-090612/
    http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php
    http://vsphere-land.com/news/escaping-the-cave-a-vmware-admins-worst-fear.html
     
    0ptima likes this.
  3. =MGN=RedEagle

    =MGN=RedEagle Well-Known Member

    Thanks for that input. If I move an infected drive from a PC to a Linux machine, will that drive infect the Linux machine? I figured the vast majority would face compatibility issues.
     
  4. Adam Howard

    Adam Howard Well-Known Member

    It can. The old myth (once fact, now myth) that there are no self-executing programs in Linux... is a myth today. And viruses can be cross-platform as well (the same thing can run on Windows, Linux, Apple, Android, iPhone, etc.).

    You're better off setting up this virtual PC inside a sandbox and inside another virtual PC.

    Off topic:

    The evil people that make such things.... They're getting smarter and a lot of people are playing catch up to them.

    The most infectious computer virus is a firmware that adds itself to all your firmware. It doesn't technically do anything, except add 2 lines of code (hello world) and it wasn't ever released in the wild (thankfully). But it was a good example of things to come.... Imagine having to replace all your hardware, because connecting it to something new means infecting hardware with contact.
     
  5. EQnoble

    EQnoble Well-Known Member

    Are you talking about firmware rootkits?
     
  6. Adam Howard

    Adam Howard Well-Known Member

    Something along those lines, yes. The infection was able to apply itself to things which normally you wouldn't be expecting (mouse, keyboard, BIOS, hard drive, etc.). If it had firmware, even stuff that typically wasn't thought flashable... It made it.

    Think "HIV" for technology.... Make any data exchange of any kind and you were infected.
     
  7. =MGN=RedEagle

    =MGN=RedEagle Well-Known Member

    So you mean a VM inside a VM? I used VirtualBox to run my VM. If I install VirtualBox on the Ubuntu install within VirtualBox, should I be quite safe?
     
  8. =MGN=RedEagle

    =MGN=RedEagle Well-Known Member

    I can delete both images once done using them and then start again from an older image each time I use it?
     
  9. Biker

    Biker Well-Known Member

    There are prudent measures and then there's paranoia. Don't fall into the latter. Take your standard precautions, scan your machines regularly, and leave the paranoia at the door.
     
  10. ManagerJosh

    ManagerJosh Well-Known Member

    There is no 100% level of security. There will always be some level of risk by using a computer. At some point it simply becomes cost prohibitive.

    The best thing to do is take the most reasonable amount of precautions possible.
     
    Adam Howard likes this.
  11. =MGN=RedEagle

    =MGN=RedEagle Well-Known Member

    Hi guys,

    You have been a huge help! Question, is a VM in a VM safer or a separate Ubuntu computer safer? I can afford both. Just want to know which system is better if you want to protect high-value online assets which people are actively trying to hack.
     
  12. ManagerJosh

    ManagerJosh Well-Known Member


    Exactly how "high value" ?
     
  13. =MGN=RedEagle

    =MGN=RedEagle Well-Known Member

    Not sure I would like to chat about that on a public forum. I think you can understand why :). Private message would not help my situation either. We have an on-going threat.
     
  14. Luke F

    Luke F Well-Known Member

    Literally the only danger of spreading would be in portable hard disks that actually bother to implement firmware updates over USB, and it would be astronomically hard to exploit.
     
    SneakyDave likes this.
  15. =MGN=RedEagle

    =MGN=RedEagle Well-Known Member

    I was thinking the same thing. Sure it's not 100% secure, but it's better than any system we have now.
     
  16. SilverCircle

    SilverCircle Well-Known Member

    In that case it's probably better to consult / cooperate with a security expert instead of messing around with stuff you do not really understand, because that can be dangerous. Yes, that can cost you quite *some* $$$, because the really good people don't work for peanuts.
     
  17. Biker

    Biker Well-Known Member

    Not necessarily. Read up on Icelord and Mebromi. Both infect your BIOS and MBR.
     
  18. Fred Sherman

    Fred Sherman Well-Known Member

    Don't want to get too deeply into this, but don't think of a virus as a program. Think of a virus as a weapons system. You have delivery and payload. Even the payload can be complex, like a MIRV warhead. The "re-entry vehicle" can be chosen based on an IFDEF conditional in the delivery system, to select it for the proper OS, BIOS, firmware detected.

    So yes, not only can a virus in a VM affect the host computer, but also the hypervisor, the BIOS, and other VMs. It can replicate itself via ethernet or the SAN and affect the entire house, office, and/or datacenter. It can leap to different operating systems. It all depends on the sophistication of the virus. And with many countries actively engaging in cyberwarfare, viruses are becoming increasingly sophisticated.
     
    Biker likes this.
  19. =MGN=RedEagle

    =MGN=RedEagle Well-Known Member

    Do you know if they can jump via a wireless router to different computers within the same house?
     
  20. Fred Sherman

    Fred Sherman Well-Known Member

    Sure. Wireless is still just TCP/IP.
     
